Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.5

    HIGH
    CVE-2025-34290

    Versa SASE Client for Windows versions released between 7.8.7 and 7.9.4 contain a local privilege escalation vulnerability in the audit log export functionality. The client communicates user-controlled file paths to a privileged service, which performs fi... Read more

    Affected Products :
    • Published: Dec. 20, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Race Condition

  • 8.5

    HIGH
    CVE-2025-66300

    Grav is a file-based Web platform. Prior to 1.8.0-beta.27, A low privilege user account with page editing privilege can read any server files using "Frontmatter" form. This includes Grav user account files (/grav/user/accounts/*.yaml), which store hashed ... Read more

    Affected Products : grav grav-plugin-admin
    • Published: Dec. 01, 2025
    • Modified: Dec. 03, 2025
    • Vuln Type: Information Disclosure

  • 8.5

    HIGH
    CVE-2023-53947

    OCS Inventory NG 2.3.0.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges to system level. Attackers can place a malicious executable in the unquoted service path and trigger the service restart to execute... Read more

    Affected Products :
    • Published: Dec. 19, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Misconfiguration

  • 8.5

    HIGH
    CVE-2025-63526

    A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System within the abs.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious ... Read more

    Affected Products : blood_bank_management_system
    • Published: Dec. 01, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.5

    HIGH
    CVE-2025-34418

    MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIMF.DLL from its installation directory without sufficient integri... Read more

    Affected Products : mailenable
    • Published: Dec. 10, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Misconfiguration

  • 8.5

    HIGH
    CVE-2025-66359

    An issue was discovered in Logpoint before 7.7.0. Insufficient input validation and a lack of output escaping in multiple components leads to a cross-site scripting (XSS) vulnerability.... Read more

    Affected Products : siem
    • Published: Nov. 28, 2025
    • Modified: Dec. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.5

    HIGH
    CVE-2025-63534

    A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the login.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject mali... Read more

    Affected Products : blood_bank_management_system
    • Published: Dec. 01, 2025
    • Modified: Dec. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.5

    HIGH
    CVE-2023-53973

    Zillya Total Security 3.0.2367.0 contains a privilege escalation vulnerability that allows low-privileged users to copy files to unauthorized system locations using the quarantine module. Attackers can leverage symbolic link techniques to restore quaranti... Read more

    Affected Products :
    • Published: Dec. 22, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Path Traversal

  • 8.5

    HIGH
    CVE-2022-50688

    Cobian Backup Gravity 11.2.0.582 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path in the CobianBackup11 service t... Read more

    Affected Products :
    • Published: Dec. 22, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Misconfiguration

  • 8.5

    HIGH
    CVE-2024-58278

    perl2exe <= V30.10C contains an arbitrary code execution vulnerability that allows local authenticated attackers to execute malicious scripts. Attackers can control the 0th argument of packed executables to execute another executable, allowing them to byp... Read more

    Affected Products :
    • Published: Dec. 04, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Authentication

  • 8.5

    HIGH
    CVE-2025-63527

    A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and hprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. A... Read more

    Affected Products : blood_bank_management_system
    • Published: Dec. 01, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.5

    HIGH
    CVE-2025-66575

    VeeVPN 1.6.1 contains an unquoted service path vulnerability in the VeePNService that allows remote attackers to execute code during startup or reboot with escalated privileges. Attackers can exploit this by providing a malicious service name, allowing th... Read more

    Affected Products : veevpn
    • Published: Dec. 04, 2025
    • Modified: Dec. 17, 2025
    • Vuln Type: Misconfiguration

  • 8.5

    HIGH
    CVE-2025-59373

    A local privilege escalation vulnerability exists in the restore mechanism of ASUS System Control Interface. It can be triggered when an unprivileged actor copies files without proper validation into protected system paths, potentially leading to arb... Read more

    Affected Products : myasus
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Path Traversal

  • 8.5

    HIGH
    CVE-2025-34419

    MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAISM.DLL from its installation directory without sufficient integri... Read more

    Affected Products : mailenable
    • Published: Dec. 10, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Misconfiguration

  • 8.5

    HIGH
    CVE-2025-64461

    There is an out of bounds write vulnerability in NI LabVIEW in mgocre_SH_25_3!RevBL() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to g... Read more

    Affected Products : labview
    • Published: Dec. 18, 2025
    • Modified: Dec. 24, 2025
    • Vuln Type: Memory Corruption

  • 8.5

    HIGH
    CVE-2025-53000

    The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF ... Read more

    Affected Products : nbconvert
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Misconfiguration

  • 8.5

    HIGH
    CVE-2025-64371

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler allows Blind SQL Injection.This issue affects Traveler: from n/a through < 3.2.6.... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Injection

  • 8.5

    HIGH
    CVE-2025-34417

    MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAISO.DLL from its installation directory without sufficient integri... Read more

    Affected Products : mailenable
    • Published: Dec. 10, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Misconfiguration

  • 8.5

    HIGH
    CVE-2025-67875

    ChurchCRM is an open-source church management system. A privilege escalation vulnerability exists in ChurchCRM prior to version 6.5.3. An authenticated user with specific mid-level permissions ("Edit Records" and "Manage Properties and Classifications") c... Read more

    Affected Products : churchcrm
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.5

    HIGH
    CVE-2021-47730

    Selea Targa IP OCR-ANPR Camera contains a cross-site request forgery vulnerability that allows attackers to create administrative users without authentication. Attackers can craft a malicious web page that submits a form to add a new admin user with full ... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 4962 Results